Windows KEK Certificate

Summary

Automate role to detect if a Windows agent has the updated 2023 KEK Certificate. If the Windows KEK Certificate role is detected, then the KEK Certificate is up to date.

Settings

Role Name

Windows KEK Certificate

Type

PowerShell

Sub-Type

BIOS

Detection String

{%@powershell.exe -nologo -noprofile -command "[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI KEK).bytes) -match 'Microsoft Corporation KEK 2K CA 2023'"@%}

Comparator

Equals

Result

True

Applicable OS

Windows

Summary​

Settings​

Role Name​

Type​

Sub-Type​

Detection String​

Comparator​

Result​

Applicable OS​

Summary

Settings

Role Name

Type

Sub-Type

Detection String

Comparator

Result

Applicable OS